SwftSubscriptions

v1.0.0WordPress PluginAudited 45 days ago

HIGH

WP.org

#3 Performance

Total Findings

Security Grade

Coding Score

100/100

Security Findings

Critical0

High6

Medium22

Low6

Info4

Executive Summary

SwftSubscriptions is a minimal WooCommerce plugin that extends Swft Checkout with subscription billing data. The plugin has a very limited attack surface with no user input handling, admin interfaces, or external API calls. All functionality operates through WordPress/WooCommerce filters and actions with read-only data processing. The code follows WordPress coding standards well and implements proper dependency checks. The main security concern is the lack of explicit type checking on hook parameters, though this poses minimal risk in practice.

Security Report Card

Readiness

Production Ready

Needs Work

WP.org Ready

Needs Changes

Compliance

Compliant

Coding Standards

100/100

PHP Compatibility

Requires PHP 8.0Declared minimum: 7.4Mismatch detected

Categories with Findings

PHP CompatibilityPlugin LifecyclePHP CompatibilityType Safety

Plugin Info

Audit Count: 1
Type: plugin

Embed Audit Badge

Show your audit status in your README or website.

<a href="https://wphealthkit.com/directory/swft-subscriptions"><img src="https://wphealthkit.com/api/badge/swft-subscriptions" alt="SwftSubscriptions security audit by WP HealthKit" /></a>

Are you the developer?

Claim this listing to get a Verified badge, control public audits, and get automatic re-scans.

Claim This Plugin

Readiness

Production Ready

Needs Work

WP.org Ready

Needs Changes

Compliance

Compliant

Coding Standards

100/100

PHP Compatibility

Requires PHP 8.0Declared minimum: 7.4Mismatch detected

Categories with Findings

PHP CompatibilityPlugin LifecyclePHP CompatibilityType Safety

Positive Observations

Proper ABSPATH security checks in all files
Clean separation of concerns with static methods and clear responsibilities
Follows WordPress coding standards with consistent naming and structure
Proper dependency checking for WooCommerce and WooCommerce Subscriptions
No direct database queries - uses WooCommerce APIs exclusively
No user input handling reduces attack surface significantly
Proper text domain usage for translations
Uses WordPress hooks appropriately without modifying core behavior
Clean error handling with graceful degradation when dependencies missing
Proper ABSPATH guards and defined() checks
Uses WordPress coding standards for file structure
Appropriate use of WooCommerce hooks and filters
No external HTTP calls or privacy concerns detected
Efficient single-file class structure
Proper esc_html__() usage in admin notice
Good separation of concerns with static methods
Appropriate dependency checking for WooCommerce and WC_Subscriptions
Plugin follows WordPress coding standards with proper escaping in admin notice using esc_html__()
Uses WordPress native admin notice classes (.notice .notice-warning) which have built-in accessibility support
No frontend rendering reduces potential accessibility issues
Proper text domain usage for internationalization supports screen reader localization
Clean separation of concerns with backend data manipulation only
Plugin only loads when required dependencies (WooCommerce, WooCommerce Subscriptions) are active
Uses static methods to avoid unnecessary object instantiation
Proper null return type declaration for get_subscription_data()
Early exit pattern implemented in get_subscription_data() loop
No global asset loading - plugin is backend-focused
No HTTP calls or file I/O operations
Reasonable memory usage with focused data extraction
Clean hook registration in single init() method

SwftSubscriptions

Security Findings

Executive Summary

Security Report Card

Readiness

PHP Compatibility

Categories with Findings

Plugin Info

Embed Audit Badge

Are you the developer?

Audit Your Plugin

Readiness

PHP Compatibility

Categories with Findings

Positive Observations